
Implement field configurable security for global admin, project admin, and team member #346

Open
Tracked by #399
ethanstrominger opened this issue Jul 4, 2024 · 0 comments · May be fixed by #401
Labels
complexity: large Many parts are unexplained and up to the implementer to figure out. ethan feature: security role: dev s: PD team stakeholder: People Depot Team size: 13+pt Must be broken down into smaller issues

Comments

@ethanstrominger
Member

ethanstrominger commented Jul 4, 2024

Overview

Implement ability to configure security for user fields to prevent global admin, project admin, practice area lead, and team member from having read, update, or create permissions to fields that are sensitive. These roles correspond to adminGlobal, adminProject, practiceLead, and memberTeam permission types.

Functional Security Requirements (Excluding PracticeAreaAdmin)

  1. Role-Based Access Control (Excluding PracticeAreaAdmin)
  • AdminGlobal:
    • Full access across all Projects and Practice Areas.
    • Read any field if FieldPermissions specifies any permission type for reading.
    • Patch/Post any field if FieldPermissions specifies any permission type for patching or posting.
  • AdminProject:
    • Access restricted to assigned Project.
    • Read fields within the same Project if FieldPermissions specifies AdminProject or a less privileged type for reading.
    • Patch/Post fields within the same Project if FieldPermissions specifies AdminProject or a less privileged type.
  • MemberProject:
    • Read-only access within assigned Project.
    • Read fields within the same Project if FieldPermissions specifies MemberProject or no specific permission type.
    • No patch/post access.
  2. Endpoint Access Control
  • POST /users:
    • Allowed for AdminGlobal and AdminProject users within their Project.
    • Fields allowed only if specified for posting by FieldPermissions.
  • PATCH /users/{id}:
    • Allowed for AdminGlobal and AdminProject users within their Project.
    • Fields allowed only if specified for patching by FieldPermissions.
  • GET /users/{id}:
    • Allowed for AdminGlobal, AdminProject, and MemberProject users within the same Project.
    • Fields allowed only if specified for reading by FieldPermissions.
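A worked model of the rules above, added here as an example and not People Depot's own code: a FieldPermissions table names the least privileged permission type for each field and action, the endpoint gate applies the project-scoping and read-only rules, and a response filter drops fields the caller may not read. Type names come from the overview (practiceLead is left out, as in the requirements); the ranking of types, the table rows, and the reading of "no permission type" as closed to every role are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Permission types from least to most privileged. A FieldPermissions entry that
# names a type also grants every more privileged type, which is how the issue's
# "AdminProject or a less privileged type" rule is read here (assumption).
RANK = {"memberTeam": 0, "adminProject": 1, "adminGlobal": 2}

@dataclass(frozen=True)
class FieldPermission:
    field: str
    read: Optional[str]   # least privileged type that may read; None = no role
    patch: Optional[str]
    post: Optional[str]

# Constructed FieldPermissions rows for the user resource (not real data).
FIELD_PERMISSIONS = [
    FieldPermission("first_name", "memberTeam", "adminProject", "adminProject"),
    FieldPermission("email", "adminProject", "adminProject", "adminProject"),
    FieldPermission("phone", "adminProject", "adminGlobal", "adminGlobal"),
    FieldPermission("ssn", None, None, None),  # sensitive: closed to every role
]

def allowed_fields(role, action):
    """Fields `role` may use for `action` in {"read", "patch", "post"}."""
    out = set()
    for fp in FIELD_PERMISSIONS:
        needed = getattr(fp, action)
        if needed is not None and RANK[role] >= RANK[needed]:
            out.add(fp.field)
    return out

def check_request(role, own_project, target_project, action, fields):
    """Endpoint gate: only adminGlobal crosses projects, memberTeam is
    read-only, and every requested field must be permitted for the action."""
    if role != "adminGlobal" and own_project != target_project:
        return False, "outside assigned project"
    if action in ("patch", "post") and RANK[role] < RANK["adminProject"]:
        return False, "role is read-only"
    denied = set(fields) - allowed_fields(role, action)
    if denied:
        return False, "field(s) not permitted: " + ", ".join(sorted(denied))
    return True, "ok"

def visible_subset(role, record):
    """Shape a GET /users/{id} body: drop fields the role may not read."""
    readable = allowed_fields(role, "read")
    return {k: v for k, v in record.items() if k in readable}
```

Denying on any unpermitted field, rather than silently dropping it, keeps a PATCH from partially succeeding and makes the rejected field name show up in logs.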
@ethanstrominger ethanstrominger added the draft This issue is not fully-written label Jul 4, 2024
@github-project-automation github-project-automation bot moved this to New Issue Review in P: PD: Project Board Jul 4, 2024
@ethanstrominger ethanstrominger moved this from New Issue Review to Ice Box in P: PD: Project Board Jul 4, 2024
@ethanstrominger ethanstrominger moved this from Ice Box to In progress (actively working) in P: PD: Project Board Jul 4, 2024
@ethanstrominger ethanstrominger moved this from In progress (actively working) to PR Needs review (automated column, do not place items here manually) in P: PD: Project Board Jul 11, 2024
@ethanstrominger ethanstrominger changed the title Draft: implement field configurable security Implement field configurable security Jul 12, 2024
@ethanstrominger ethanstrominger changed the title Implement field configurable security Implement field configurable security for global admin, project admin, practice area lead, and team member Sep 29, 2024
@ethanstrominger ethanstrominger moved this from PR Needs review (automated column, do not place items here manually) to 🧊Ice Box in P: PD: Project Board Oct 1, 2024
@ethanstrominger ethanstrominger changed the title Implement field configurable security for global admin, project admin, practice area lead, and team member Implement field configurable security for global admin, project admin, and team member Nov 10, 2024
@ethanstrominger ethanstrominger added size: 13+pt Must be broken down into smaller issues complexity: large Many parts are unexplained and up to the implementer to figure out. feature: security role: dev and removed role: missing size: missing feature: missing stakeholder: missing draft This issue is not fully-written labels Nov 10, 2024
@ethanstrominger ethanstrominger added s: PD team stakeholder: People Depot Team and removed complexity: missing labels Nov 10, 2024
@ethanstrominger ethanstrominger moved this from 🧊Ice Box to ❓Questions/Review in P: PD: Project Board Nov 10, 2024
Projects
Status: ❓Questions/Review
3 participants